SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Error with OpenID or Azure AD provider configuration #159

Closed ganguin closed 2 months ago

ganguin commented 2 years ago

Describe the bug

On the latest release ce-8.1.4, adding an OpenID or Azure AD provider fails with an error message.

To Reproduce Steps to reproduce the behavior:

  1. Go to 'Administration' -> 'Access Management' -> 'Identity Providers'
  2. Click on 'Add Provider' and click on Azure or OpenID
  3. Fill in the required information and click on 'Save' to validate the claims mapping
  4. See error: Uh oh, something didn't go right. Please try again. If the error persists, please open an issue on GitHub.

Expected behavior The new provider should be added

Additional context Error in the log file:

2022-01-27 14:52:15,875 ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - Forwarding to error page from request [/api/v1/connections] due to exception [Password cannot be null or empty]
java.lang.IllegalArgumentException: Password cannot be null or empty
    at com.sra.security.crypto.KDFArgon2.deriveKey(KDFArgon2.java:30) ~[sra-auth-common-3.0.10.jar:?]
    at com.sra.auth.common.service.GlobalCryptoService.init(GlobalCryptoService.java:56) ~[sra-auth-common-3.0.10.jar:?]
    at com.sra.auth.common.service.GlobalCryptoService.encrypt(GlobalCryptoService.java:29) ~[sra-auth-common-3.0.10.jar:?]
    at com.sra.auth.web.api.v1.resources.ConnectionResource.addConnection(ConnectionResource.java:101) ~[classes/:?]
    at jdk.internal.reflect.GeneratedMethodAccessor290.invoke(Unknown Source) ~[?:?]
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
    at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-5.3.13.jar:5.3.13]
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) ~[spring-web-5.3.13.jar:5.3.13]
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) ~[spring-webmvc-5.3.13.jar:5.3.13]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) ~[spring-webmvc-5.3.13.jar:5.3.13]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) ~[spring-webmvc-5.3.13.jar:5.3.13]
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.3.13.jar:5.3.13]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067) ~[spring-webmvc-5.3.13.jar:5.3.13]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) ~[spring-webmvc-5.3.13.jar:5.3.13]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.3.13.jar:5.3.13]
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) ~[spring-webmvc-5.3.13.jar:5.3.13]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:681) ~[servlet-api.jar:4.0.FR]
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.3.13.jar:5.3.13]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:764) ~[servlet-api.jar:4.0.FR]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.56]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-websocket.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.56]
    at com.sra.purpletools.servlet.filters.CacheControlFilter.doFilter(CacheControlFilter.java:42) ~[sra-purpletools-servlet.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.56]
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.56]
    at com.sra.auth.web.filters.GenericRequestFilter.doFilterInternal(GenericRequestFilter.java:33) ~[classes/:?]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.13.jar:5.3.13]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.56]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.13.jar:5.3.13]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.13.jar:5.3.13]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.13.jar:5.3.13]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.4.9.jar:5.4.9]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) ~[spring-web-5.3.13.jar:5.3.13]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) ~[spring-web-5.3.13.jar:5.3.13]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.56]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.13.jar:5.3.13]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.13.jar:5.3.13]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.56]
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.13.jar:5.3.13]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.13.jar:5.3.13]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.56]
    at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:126) ~[spring-boot-2.4.13.jar:2.4.13]
    at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:64) ~[spring-boot-2.4.13.jar:2.4.13]
    at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:101) ~[spring-boot-2.4.13.jar:2.4.13]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.13.jar:5.3.13]
    at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:119) ~[spring-boot-2.4.13.jar:2.4.13]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.56]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.13.jar:5.3.13]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.13.jar:5.3.13]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.56]
    at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-web-2.17.0.jar:2.17.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[catalina.jar:9.0.56]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[catalina.jar:9.0.56]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[catalina.jar:9.0.56]
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) ~[catalina.jar:9.0.56]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[catalina.jar:9.0.56]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) ~[catalina.jar:9.0.56]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382) ~[tomcat-coyote.jar:9.0.56]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-coyote.jar:9.0.56]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895) ~[tomcat-coyote.jar:9.0.56]
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2136) ~[tomcat-coyote.jar:9.0.56]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.56]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-util.jar:9.0.56]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-util.jar:9.0.56]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.56]
    at java.lang.Thread.run(Unknown Source) [?:?]

doodleincode commented 2 years ago

Can you check the value of VECTR_DATA_KEY in your .env file? It might be either missing from the file or set to an empty value. If that's the case, set a value for VECTR_DATA_KEY and that should fix it.

Edit: After adding VECTR_DATA_KEY to the .env file, you'll need to restart the containers: docker-compose restart.

ganguin commented 2 years ago

I double checked, yes I've set all the secrets including VECTR_DATA_KEY, I'm using all 32 characters long alphanumeric secrets, I hope there is no issue with characters and length?

ganguin commented 2 years ago

Can I enable some debugging to identify which "password is null or empty"?

doodleincode commented 2 years ago

The "password" that it's looking at is the VECTR_DATA_KEY value. One thing you can do is check if VECTR_DATA_KEY is being set correctly in the container. Open up a shell into the Tomcat container:

docker exec -it <tomcat_container_name> /bin/bash

Then dump the env variables: printenv and check if VECTR_DATA_KEY is listed.

doodleincode commented 2 years ago

Did you happen to change the APP_NAME from its default "VECTR"?

ganguin commented 2 years ago

Yes, I changed the default APP_NAME.

I reverted it back, and recreated the docker instances.

It works.

Is this an issue that changing APP_NAME has side-effects? IMO it should at least be documented.

doodleincode commented 2 years ago

This appears to be a bug. We'll provide a fix in a future release.
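
A non-interactive version of the two checks discussed above, as an added example that is not part of the thread or of VECTR's own code: it audits a .env file for an unset or empty VECTR_DATA_KEY and for a non-default APP_NAME, reporting only the key's length. The function names and the sample .env contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not VECTR project code. Audits a VECTR .env file for the two
# causes this thread gives for "Password cannot be null or empty".

# Print the value assigned to KEY in a dotenv-style FILE (last assignment
# wins). Returns 1 if KEY is never assigned. Tolerates CRLF line endings,
# an "export " prefix, comments and one pair of surrounding quotes.
env_value() {
    local file key line val found cr
    file=$1 key=$2 val='' found=1 cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}
        line=${line#"${line%%[![:space:]]*}"}     # trim leading whitespace
        case $line in ''|'#'*) continue ;; esac
        line=${line#export }
        case $line in "$key="*) ;; *) continue ;; esac
        val=${line#*=}
        val=${val%"${val##*[![:space:]]}"}        # trim trailing whitespace
        case $val in
            \"*\") val=${val#\"}; val=${val%\"} ;;
            \'*\') val=${val#\'}; val=${val%\'} ;;
        esac
        found=0
    done < "$file"
    printf '%s' "$val"
    return "$found"
}

# Audit FILE: print one line per check and return the number of findings.
# The key itself is never echoed, only its length.
audit_vectr_env() {
    local file findings v
    file=$1 findings=0
    if ! v=$(env_value "$file" VECTR_DATA_KEY); then
        echo "FAIL VECTR_DATA_KEY is not defined"
        findings=$((findings + 1))
    elif [ -z "$v" ]; then
        echo "FAIL VECTR_DATA_KEY is defined but empty"
        findings=$((findings + 1))
    else
        echo "OK   VECTR_DATA_KEY is set (${#v} characters, value not shown)"
    fi
    # Per the thread, a non-default APP_NAME triggers the same error on 8.x.
    # An absent APP_NAME is not flagged (assumption: the default then applies).
    if v=$(env_value "$file" APP_NAME) && [ "$v" != "VECTR" ]; then
        echo "FAIL APP_NAME is '$v', expected the default 'VECTR'"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Presence check inside the running Tomcat container that does not dump every
# variable to the terminal the way printenv does. Needs Docker; not run below.
container_has_data_key() {
    docker exec "$1" /bin/bash -c '[ -n "${VECTR_DATA_KEY:-}" ]'
}

# Constructed sample reproducing the reporter's situation: key present,
# APP_NAME changed from its default.
sample=$(mktemp)
printf '%s\n' 'APP_NAME=PurpleLab' \
    'VECTR_DATA_KEY="0123456789abcdef0123456789abcdef"' > "$sample"
audit_vectr_env "$sample" || echo "findings: $?"
rm -f "$sample"
```
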

initstring commented 2 years ago

Hi team!

Something interesting about this process. When you encounter this "Uh oh" error, from my experience it has still added the broken identity provider into the list.

I was in a similar situation today, and ended up with 10+ broken entries that had an incorrect discovery URL.

Then, when I logged out the application was completely broken and I could not log back in, due to the existence of broken IdPs.

I restored from backup and got it all working, but it might be good to ensure that when this error triggers that the broken entry is not added permanently.

Thanks!

doodleincode commented 2 years ago

Thanks for reporting the bug! We'll fix it in a future release.

Was this related to adding Google as an OIDC provider?

initstring commented 2 years ago

Hi @doodleincode! Yes, it was. I initially entered an incorrect discovery URL (https://accounts.google.com). This generated an error in the logs due to a 401 which was returned.

After doing this even once, entering the correct information will no longer work as it seems to continue choking on the first broken entry.

SRAPSpencer commented 2 years ago

A quick update on this, the APP_NAME issue still exists but we've made other improvements.

  1. Adding an IDP which contains an error no longer saves automatically.
  2. Issues in metadata resolution or other similar errors no longer break auth. Local logins should still work.

0x00-0x00 commented 2 years ago

No temporary solution for this issue?

I was setting up OpenID and got this exact same error because I have changed APP_NAME during installation as well. This really should be in the documentation, I can't use vectr in local login unfortunately.

The best solution then is to back up data and create an instance with the default name?

pr0b3r7 commented 2 years ago

I think so Andre - at the moment I have not recreated my VECTR instance with the default name for fear of data loss - how would you go about backing up and restoring the data?

0x00-0x00 commented 2 years ago

@pr0b3r7 I have got a solution for now. I will detail it further down.

So, with the fear of losing data, I set up a local instance on my personal computer and tried to find a solution, and I actually found a way to change APP_NAME without losing data, and it is fairly simple. It worked for me, so I will post it here in case anyone wants to try it as well.

Update your .env file with the default APP_NAME, which is VECTR

APP_NAME=VECTR

Then, recreate the docker containers using the docker-compose command:

docker-compose -f docker-compose.yml up -d

If you have used a namespace when building the containers, then you will need to specify, such as:

docker-compose -f docker-compose.yml -p org-vectr up -d 

After container re-creation, I was able to set up the correct parameters for OpenID and got the Reply URL and Logout URL for the SSO setup.

SRAPSpencer commented 2 years ago

Here's a quick note on backing up and restoring data. We do have a new release coming out imminently and that will be paired with documentation improvements. I'm not sure if the APP_NAME issue made this release. This was shared on our Discord server.

Here's the gist of it. Mongodump and mongorestore live inside the containers. You'll have to run a command that will run these inside of the container, then copy them out to your host so you can move them to your other node.

#!/bin/bash

# Run mongodump in the container, put it in the /tmp/ directory in the container. This is using the default password and default container name:

docker exec -w /tmp sandbox1_vectr-mongo_1 /bin/bash -c 'mongodump --username admin --password Test1234 --authenticationDatabase admin; tar -zcvf dump.tgz -C dump .'

# Copy the file out of the container:

docker cp sandbox1_vectr-mongo_1:/tmp/dump.tgz .


On your other host, make a directory /opt/vectr/user/mongo (assuming VECTR is installed under /opt/vectr). This directory will have to have the uid/gid that VECTR is using inside the container (10001:10001). You can read about that here: https://docs.vectr.io/upgrading/non-root-migration/faq/

Once the directory is set up, you untar the contents to that directory: tar -zxvf dump.tgz -C /opt/vectr/user/mongo

If you already have data loaded in the destination box, you'll need to stop the containers and delete the volume for the new one to load. MAKE SURE YOU DON'T HAVE ANYTHING IN THERE THAT YOU WANT!!!

docker-compose down
docker volume rm sandbox1-vectr-db

You can then do 'docker-compose up' and the new DB should populate.

pr0b3r7 commented 2 years ago

Thank you sir! This solution worked flawlessly to restore the data at a different instance :) - will proceed to test @0x00-0x00's solution to the APP_NAME variable dilemma. Thank you guys!

pr0b3r7 commented 2 years ago

I can confirm this fix worked on 8.3.2 + Az AD SSO via app registration @0x00-0x00

doodleincode commented 2 months ago

Closing as the APP_NAME has been deprecated in VECTR 9.x and is no longer relevant. I believe this was the remaining part of this issue.